<?php
require_once(dirname(__FILE__)."/config.php");
require_once(DEDEMEMBER."/inc_pwd_functions.php");
if(empty($dopost))
{
	$dopost = '';
}
if($dopost == '')
{
	include(dirname(__FILE__).'/templets/resetpassword.htm');
}
elseif($dopost == 'getpwd')
{

	//验证验证码
	if(!isset($vdcode))
	{
		$vdcode = '';
	}
	$svali = GetCkVdValue();
	if(strtolower($vdcode)!=$svali || $svali=='')
	{
		ResetVdValue();
		ShowMsg('对不起，验证码输入错误！', '-1');
		exit();
	}

	//验证邮箱，用户名
	if(empty($mail) && empty($userid))
	{
		showmsg('对不起，请输入用户名或邮箱', '-1');
		exit;
	}
	else if(!ereg("(.*)@(.*)\.(.*)",$mail))
	{
		showmsg('对不起，请输入正确的邮箱格式', '-1');
		exit;
	}
	else if(CheckUserID($userid, '', false)!='ok')
	{
		ShowMsg("你输入的用户名 {$userid} 不合法！", "-1");
		exit();
	}
	
	$member = member($mail,$userid);
	if(!is_array($member))
	{
		ShowMsg('对不起，用户ID或邮箱错误！', '-1');
		exit();
	}

	//以邮件方式取回密码；判断系统邮件服务是否开启
	if($cfg_sendmail_bysmtp == 'Y')
	{
			sn($member['mid'], $userid, $member['email']);
	}
	else
	{
			showmsg('对不起邮件服务暂未开启，请联系管理员', 'login.php');
			exit();
	}
	
	exit();
}
elseif($dopost == 'getpasswd')
{
	//修改密码
	if(empty($id))
	{
		ShowMsg('对不起，请不要非法提交', 'login.php');
		exit();
	}
	$mid = ereg_replace('[^0-9]', '',$id);
	$row = $db->GetOne("Select * From `#@__member_pwd_tmp` where mid = '$mid'");
	if(empty($row))
	{
		ShowMsg('对不起，请不要非法提交', 'login.php');
		exit();
	}
	if(empty($setp))
	{
		$tptim= (60*60*24*3);
		$dtime = time();
		if($dtime - $tptim > $row['mailtime'])
		{
			$db->executenonequery("DELETE FROM `#@__member_pwd_tmp` WHERE `md` = '$id'; ");
			ShowMsg("对不起，临时密码修改期限已过期","login.php");
			exit();
		}
		require_once(dirname(__FILE__).'/templets/resetpassword2.htm');
	}
	elseif($setp == 2)
	{
		if(isset($key))
		{
			$pwdtmp = $key;
		}
		$sn = md5(trim($pwdtmp));
		if($row['pwd'] == $sn)
		{
			if($pwd != '')
			{
				if($pwd == $pwdok)
				{
					$pwdok = md5($pwdok);
					$sql = "DELETE FROM `#@__member_pwd_tmp` WHERE `mid` = '$id'; ";
					$db->executenonequery($sql);
					$sql = "UPDATE `#@__member` SET `pwd` = '$pwdok' WHERE `mid` = '$id'; ";
					if($db->executenonequery($sql))
					{
						showmsg('更改密码成功，请牢记新密码', 'login.php');
						exit;
					}
				}
			}
			showmsg('对不起，新密码为空或填写不一致', '-1');
			exit;
		}
		showmsg('对不起，临时密码错误', '-1');
		exit;
	}
}
?>